From f826d01c29da9ad3d0cd97ab06174dbb2834fcae Mon Sep 17 00:00:00 2001 From: Richard Fuchs Date: Wed, 19 Nov 2014 16:21:42 -0500 Subject: [PATCH] make "trust address" the default behaviour adds CLI option --sip-source to restore old default, and adds new flag "SIP source address" to achieve the same on a per-call basis --- README.md | 28 +++++++++++++++++++++++----- daemon/call_interfaces.c | 24 +++++++++++++++++++----- daemon/call_interfaces.h | 3 +++ daemon/main.c | 6 ++++++ daemon/str.h | 10 ++++++++-- utils/ng-client | 3 ++- 6 files changed, 61 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index db5e20d70..c374d7836 100644 --- a/README.md +++ b/README.md @@ -179,6 +179,7 @@ option and which are reproduced below: -E, --log-stderr Log on stderr instead of syslog -x, --xmlrpc-format=INT XMLRPC timeout request format to use. 0: SEMS DI, 1: call-id only --num-threads=INT Number of worker threads to create + --sip-source Use SIP source address by default Most of these options are indeed optional, with two exceptions. It's mandatory to specify at least one local IP address through `--interface`, and at least one of the `--listen-...` options must be given. @@ -322,6 +323,13 @@ The options are described in more detail below. as there are CPU cores available. If the number of CPU cores cannot be determined, the default is four. +* --sip-source + + The original *rtpproxy* as well as older version of *rtpengine* by default didn't honour IP + addresses given in the SDP body, and instead used the source address of the received SIP + message as default endpoint address. Newer versions of *rtpengine* reverse this behaviour and + honour the addresses given in the SDP body by default. This option restores the old behaviour. + * -r, --redis, -R, --redis-db, -b, --b2b-url NGCP-specific options 
@@ -579,12 +587,21 @@ Optionally included keys are: * `flags` - The value of the `flags` key is a list. The list contains zero or more of the following strings: + The value of the `flags` key is a list. The list contains zero or more of the following strings. + Spaces in each string my be replaced by hyphens. + + - `SIP source address` + + Ignore any IP addresses given in the SDP body and use the source address of the received + SIP message (given in `received from`) as default endpoint address. This was the default + behaviour of older versions of *rtpengine* and can still be made the default behaviour + through the `--sip-source` CLI switch. + Can be overridden through the `media address` key. - `trust address` - If given, the media addresses from the SDP body are trusted as correct endpoints. Otherwise, the - address is taken from the `received from` key. Corresponds to the *rtpproxy* `r` flag. + The opposite of `SIP source address`. This is the default behaviour unless the CLI switch + `--sip-source` is active. Corresponds to the *rtpproxy* `r` flag. Can be overridden through the `media address` key. - `symmetric` @@ -626,7 +643,7 @@ Optionally included keys are: Replace the address found in the *origin* (o=) line of the SDP body. Corresponds to *rtpproxy* `o` flag. - - `session connection` + - `session connection` or `session-connection` Replace the address found in the *session-level connection* (c=) line of the SDP body. Corresponds to *rtpproxy* `c` flag. @@ -655,7 +672,8 @@ Optionally included keys are: Contains a list of exactly two elements. The first element denotes the address family and the second element is the SIP message's source address itself. The address family can be one of `IP4` or `IP6`. - Used if neither the `trust address` flag nor the `media address` key is present. + Used if SDP addresses are neither trusted (through `SIP source address` or `--sip-source`) nor the + `media address` key is present. * `ICE` 
diff --git a/daemon/call_interfaces.c b/daemon/call_interfaces.c index b449c5de3..c7bc88744 100644 --- a/daemon/call_interfaces.c +++ b/daemon/call_interfaces.c @@ -19,6 +19,10 @@ +int trust_address_def; + + + static int call_stream_address_gstring(GString *o, struct packet_stream *ps, enum stream_address_format format) { int len, ret; @@ -454,11 +458,16 @@ INLINE void call_bencode_hold_ref(struct call *c, bencode_item_t *bi) { } INLINE void str_hyphenate(bencode_item_t *it) { - char *p; - p = memchr(it->iov[1].iov_base, ' ', it->iov[1].iov_len); - if (!p) + str s; + if (!bencode_get_str(it, &s)) return; - *p = '-'; + while (s.len) { + str_chr_str(&s, &s, ' '); + if (!s.s || !s.len) + break; + *s.s = '-'; + str_shift(&s, 1); + } } INLINE char *bencode_get_alt(bencode_item_t *i, const char *one, const char *two, str *out) { char *o; @@ -474,11 +483,15 @@ static void call_ng_process_flags(struct sdp_ng_flags *out, bencode_item_t *inpu ZERO(*out); + out->trust_address = trust_address_def; + if ((list = bencode_dictionary_get_expect(input, "flags", BENCODE_LIST))) { for (it = list->child; it; it = it->sibling) { str_hyphenate(it); if (!bencode_strcmp(it, "trust-address")) out->trust_address = 1; + else if (!bencode_strcmp(it, "SIP-source-address")) + out->trust_address = 0; else if (!bencode_strcmp(it, "asymmetric")) out->asymmetric = 1; else if (!bencode_strcmp(it, "strict-source")) @@ -523,7 +536,8 @@ static void call_ng_process_flags(struct sdp_ng_flags *out, bencode_item_t *inpu out->ice_remove = 1; else if (!str_cmp(&s, "force")) out->ice_force = 1; - else if (!str_cmp(&s, "force_relay") || !str_cmp(&s, "force-relay")) + else if (!str_cmp(&s, "force_relay") || !str_cmp(&s, "force-relay") + || !str_cmp(&s, "force relay")) out->ice_force_relay = 1; else ilog(LOG_WARN, "Unknown 'ICE' flag encountered: '"STR_FORMAT"'", diff --git a/daemon/call_interfaces.h b/daemon/call_interfaces.h index 70936eb77..38ffde8cb 100644 --- a/daemon/call_interfaces.h 
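Review bot: The new global `trust_address_def` is defined without a comment, although it now decides for every request whether media addresses from the SDP body are honoured. Its zero initial value means "use the SIP source address" until `options()` in daemon/main.c sets it to 1, which is the opposite of the default the README describes, so the definition should spell that out. I would add `/* default for sdp_ng_flags.trust_address: 0 = use SIP source address, 1 = trust SDP; set once in options() from --sip-source */` above it.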
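Review bot: The rewritten loop in `str_hyphenate` is harder to verify than it needs to be, because it passes `&s` as both output and input to `str_chr_str` and therefore only works with the alias-safe version of that helper introduced in daemon/str.h by this same commit. A plain scan does the same job without that dependency: `for (i = 0; i < s.len; i++) if (s.s[i] == ' ') s.s[i] = '-';` (with `int i;` declared, assuming `len` is an int as the other str helpers suggest). A short comment such as `/* replaces every ' ' with '-' in the item's own buffer */` would also make the in-place rewrite of the request data explicit.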
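Review bot: The new `SIP-source-address` comparison looks case-sensitive, while utils/ng-client in this same patch sends the flag as `sip source address`, so the client's flag would fall through this chain unmatched and `trust_address` would stay at the new default of trusting SDP addresses. `bencode_strcmp` is not visible here, so the case sensitivity is inferred from the exact-case literals used throughout the chain. Because the default is now the permissive one, an unrecognised spelling fails open; either align the client (`'sip-source-address' => \$options{'SIP source address'}` plus the matching entry in its flags list) or compare this flag case-insensitively. When both `trust-address` and `SIP-source-address` appear in one list the later item wins, which deserves a sentence in the README. The body of `call_ng_process_flags` continues outside the hunk.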
+++ b/daemon/call_interfaces.h @@ -15,6 +15,9 @@ struct callmaster; struct control_stream; +extern int trust_address_def; + + str *call_request_tcp(char **, struct callmaster *); str *call_lookup_tcp(char **, struct callmaster *); void call_delete_tcp(char **, struct callmaster *); diff --git a/daemon/main.c b/daemon/main.c index 8bf876f44..28b45997a 100644 --- a/daemon/main.c +++ b/daemon/main.c @@ -24,6 +24,7 @@ #include "redis.h" #include "sdp.h" #include "dtls.h" +#include "call_interfaces.h" @@ -310,6 +311,7 @@ static void options(int *argc, char ***argv) { char *redisps = NULL; char *log_facility_s = NULL; int version = 0; + int sip_source = 0; GOptionEntry e[] = { { "version", 'v', 0, G_OPTION_ARG_NONE, &version, "Print build time and exit", NULL }, @@ -334,6 +336,7 @@ static void options(int *argc, char ***argv) { { "log-stderr", 'E', 0, G_OPTION_ARG_NONE, &_log_stderr, "Log on stderr instead of syslog", NULL }, { "xmlrpc-format",'x', 0, G_OPTION_ARG_INT, &xmlrpc_fmt, "XMLRPC timeout request format to use. 0: SEMS DI, 1: call-id only", "INT" }, { "num-threads", 0, 0, G_OPTION_ARG_INT, &num_threads, "Number of worker threads to create", "INT" }, + { "sip-source", 0, 0, G_OPTION_ARG_NONE, &sip_source, "Use SIP source address by default", NULL }, { NULL, } }; @@ -406,6 +409,9 @@ static void options(int *argc, char ***argv) { write_log = log_to_stderr; max_log_line_length = 0; } + + if (!sip_source) + trust_address_def = 1; } diff --git a/daemon/str.h b/daemon/str.h index 2eb0ccf76..099621144 100644 --- a/daemon/str.h +++ b/daemon/str.h @@ -94,8 +94,14 @@ INLINE char *str_chr(const str *s, int c) { return memchr(s->s, c, s->len); } INLINE str *str_chr_str(str *out, const str *s, int c) { - out->s = str_chr(s, c); - out->len = out->s ? (s->len - (out->s - s->s)) : 0; + char *p; + p = str_chr(s, c); + if (!p) { + *out = STR_NULL; + return out; + } + *out = *s; + str_shift(out, p - out->s); return out; } INLINE int str_cmp_len(const str *a, const char *b, int l) { 
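Review bot: Nothing at startup records which endpoint-address default is in effect, and the last daemon/main.c hunk changes that default for every existing deployment that upgrades without adding `--sip-source`. Since the setting decides whether addresses taken from the SDP body are honoured, I would log the effective value once after option parsing so operators can audit it. The assignment itself reads more directly as `trust_address_def = !sip_source;`. `options()` starts outside the hunk.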
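Review bot: `str_chr_str` now has to tolerate `out == s`, because the new `str_hyphenate` in daemon/call_interfaces.c calls `str_chr_str(&s, &s, ' ')`, but nothing in the header states that contract. The rewrite is alias-safe only because `p` is computed before `*out` is written, and a later simplification could quietly break it. I would add `/* out may alias s; yields STR_NULL when c is not found */` above the function.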
diff --git a/utils/ng-client b/utils/ng-client index dcaff839c..b8d54b3d5 100755 --- a/utils/ng-client +++ b/utils/ng-client @@ -21,6 +21,7 @@ GetOptions( 'call-id=s' => \$options{'call-id'}, 'protocol=s' => \$options{'transport protocol'}, 'trust-address' => \$options{'trust address'}, + 'sip-source-address' => \$options{'sip source address'}, 'symmetric' => \$options{'symmetric'}, 'asymmetric' => \$options{'asymmetric'}, 'replace-origin' => \$options{'replace-origin'}, @@ -50,7 +51,7 @@ my %packet = (command => $cmd); for my $x (split(',', 'from-tag,to-tag,call-id,transport protocol,media address,ICE,address family,TOS,DTLS')) { defined($options{$x}) and $packet{$x} = $options{$x}; } -for my $x (split(',', 'trust address,symmetric,asymmetric,force,strict source,media handover')) { +for my $x (split(',', 'trust address,symmetric,asymmetric,force,strict source,media handover,sip source address')) { defined($options{$x}) and push(@{$packet{flags}}, $x); } for my $x (split(',', 'origin,session connection')) {